Well, I’ve been busy with an encrypted fileserver before and it runs for quite a while in my closet now, but it wasn’t perfect yet. I wanted it to download .torrents automatically, so I don’t have to keep my workstation powered on, just for that. Since my fileserver runs OpenBSD and the first idea was to have an interface to it by VNC and have Azureus run inside X-windows on it, I needed to get Java 2 SDK on OpenBSD...

Anyway, I think I was almost there… but then I came across TorrentFlux and actually, it’s much more ideal in my situation than the solution I was working on :-) So I decided to stop working on the Java+VNC+Azureus-solution and get this Apache/PHP/MySQL/Python/BitTorrent (all available in the OpenBSD-packagecollection!)-thing going.

So, what is it?

This is a fully-encrypted (samba)fileserver, which means that all the data that’s on there, actually can’t be found physically on the server :-) To be more precise, the data you copy to the server gets encrypted and the data you read from it gets decrypted, all on-the-fly…

And the sugar-on-top on this one is that it’s now got a webinterface for uploading torrent-files to it (or parse the URLs) and it starts downloading (& encrypting) them.

Well, it looks the business, doesn’t it? (oh, it’s called scramjet BTW ;-)) (actually, I should’ve called it Tonino...)

It downloads directly onto the pseudo-device, so the data gets encrypted while it’s being stored :-)

The encrypted volumes can be shared through Samba and on my Media Center, it looks like this:

To make things quick… I decided to write a rough HOWTO for getting an OpenBSD-encrypted fileserver, additionally with a webbased BitTorrent-interface. You can find the Howto here

Use?

Actually, I’m not sure… I started thinking about something like this since here in Holland the local anti-piracy group are starting to think they’re God…

Anyway, the only P2P I use is BitTorrent and maybe I should decide to switch to antsp2p but then I should look into Java on OpenBSD again and actually I like the beauty of the current Apache/PHP/MySQL-solution.

I’m not a lawyer and imho there’s too little legal history around to be sure of what is allowed and what is not… My logic only tells me it’s impossible to get a proof of the whereabouts of someone online just by looking at some logs… You at least need to prove the person actually possesses the data and in my case… good luck proving that! In some countries downloading is legal and uploading is not? (probably Einstein who thought that one up)

I’m very curious how upcoming lawsuits will turn out in this country. In the meantime, I’ll polish my solution (if it is one) further…

Don’t get me wrong here, I do not consider myself a pirate in a long way (and do not like to be considered that way either), I just built it…

when I first read this article I was trying to guess the age of the writer, I sincerely believe that this kid is under 9 and shouldn’t be allowed on the internet, moreover this article stinks, so is everything from your shitty site.

“which means that all the data that’s on there, actually can’t be found physically on the server”.. the data remain on the server and can be found there.. encrypted. :-) It’s still there, even if it’s not actually readable.

“This article is so lame, go back to school kid, you’re a loser.”
lame? what’s lame is actually having the time to bother to insult this guy.. don’t you have something better to do? or did you drop out of high school?

yes ‘slashdotter’ (aren’t we all), we should regulate people who are allowed to use the internet, including people who might be younger than you.
how about the low-lifes who post mean messages on people’s sites with nothing constructive to say. I say these tards should be banned from using the internet (because that’s possible, apparently somebody owns the internet).

If the law downloads from your IP using bittorrent that might be all they need. Very nice setup though, I have to admit a pang of nerd envy. Oh and sorry for the slashdot troll, they just want attention.

1. You need an encrypted bittorrent interface, but bittorrent lacks this for now (it’s not your fault, how about a new project?)

2. The cgd or gbde devices are fine, but they need further refinements: like e.g. multiple keys for multiple types of data. Say, the powers that be force you to disclose one of the passphrases, you could still tell one with an innocuous file system, hiding the one with the torrents.

Dude, you’re alright. There is nothing wrong with enthusiasm over getting something to work. I understand that there are those who feel the need to put others down in order to feel better about themselves, but I wouldn’t worry about THOSE posts, as they just prove the insecurity of those who posted them. I may not have done what you did, (prolly more like the previous post) but it’s still cool nonetheless, and I’m sure there are PLENTY of people that would have never thought about it in the first place.

dood, everybody has to start somewhere. I guess that unlike other slashdotters we were not all born with 31337 h8×0r 5kI11z. You’re doing a great job, keep it up. Because others are jealous/envious/insecure don’t let them discourage you. How many of them have been slashdotted? (READ: none)

If the torrents and other data can be recreated easily from scratch, AND if you have a reliable uninterruptible power supply, you could use data from /dev/random as a passphrase to init the partition.

Should someone yank the power cord while confiscating the box, they won’t be able to decrypt the partition at all (neither would you, if you reboot). And the beauty of it all? If a court asks you to hand over the passphrase, you can safely say that it’s being generated out of random bits, and that you don’t have a way to know or tell it. No contempt of court here! You can prove it by the init scripts that create that gcd partition upon boot time.

Just look at FreeBSD’s encrypted swap script /etc/rc.d/gbde_swap (there’s surely something similar with OpenBSD) for how it’s done.

Hey, great article! I’ve been thinking of switching to freebsd for a long time. I’m just waiting for my new laptop and a homework-free weekend. Your article has been a great inspiration, keep up the good work, and congrats for being slashdotted! /ilix

Really, this fileserver is running smooth for around 9 months now… I do want to update it somewhere this year, adding RAID to it and while I’m at it, build it from scratch again, maybe on a faster machine, depending on my budget…

Anyhow, I guess by running for months without errors now it proves to be a pretty solid setup (luckily! and imho of course)

hey man, great job! this entire site is awesome. i just rediscovered it when i saw your wireless newton on hackaday. it’s a great alternative to macmod (it is down :() and has the best articles. this is a really nice setup for a server. i like the look and stability. thanks for being a great site!

i just kind of find it ironic that that particular case is an encrypted system, the box is so ugly and could be easily opened. I understand that if you got at the hard drive you wouldn’t be able to do much, but it just seems ironic how insecure the case looks.

The slashdotter are probably from openbsd-misc, the rudest list I’ve ever seen. Of course as anyone who has been on the list for a while, Theo sets the tone when it comes to four letter flames, good enough to embarrass sailors if you have not read all the web pages.

Have you considered using MLDonkey? It supports eDonkey (and its serverless extensions Overnet and Kademlia), Gnutella 1 & 2, Bittorrent, HTTP and FTP download, others are available too. And the best, it’s fully controllable over a web interface.
More information can be found here:
http://mldonkey.sourceforge.net/

As mentioned in the Message from Mark's family this site has been made static. This means that it will be no longer possible to comment on his ideas and projects, but that we all can continue to cherish his creativity.